 
 From:  "Mitch (WebCob)" <mitch at webcob dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Dynamic rule limits - is this supported?
 Date:  Wed, 15 Sep 2004 10:19:54 -0700
Never noticed this before, but while following a discussion on freebsd-net
where a firewall's dynamic rule list was being overwhelmed...

They were discussing creating rules like this:

> ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
> ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4

This would allow only 4 connections, for example.

Also, the dynamic rule limit seems to be configurable - just in case this
helps anyone, I thought I'd note it here...

The default maximum number of dynamic rules (FBSD 4.9, ipfw 2) seems to be 4096.

net.inet.ip.fw.dyn_max: 4096

hope that is useful to someone.

m/
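The two ideas in the post (per-source `limit src-addr` rules and the `net.inet.ip.fw.dyn_max` ceiling) only help together: a limit rule stops one host from eating the dynamic table, but the table still has to be big enough for the number of entries the rules can legitimately create. The script below is an added example, not code from the original post or from m0n0wall. It generates the limit rules for a list of ports, works out a rough upper bound on the dynamic entries those rules can produce, and compares it with the current `dyn_max`. The network `192.0.2.0/24` stands in for the post's `evil/24`, and the host count, per-source limit and headroom values are assumptions chosen for illustration. Live changes (`ipfw add`, `sysctl`) only happen when `ipfw` exists on the box and `--apply` is passed; otherwise it just prints the rules it would load.

```shell
#!/bin/sh
# Added example: ipfw "limit src-addr" rules plus a dyn_max sanity check.
# Assumptions (not from the original post): the 192.0.2.0/24 documentation
# range stands in for "evil/24"; 254 hosts, 4 entries per source, 1024 headroom.

EVIL_NET="${EVIL_NET:-192.0.2.0/24}"
PER_SRC="${PER_SRC:-4}"

# Emit one "limit src-addr" rule per destination port. Each source address can
# then hold at most $per_src dynamic entries for that port; further SYNs from
# the same source are dropped instead of creating new state.
limit_rules() {
    net="$1"; per_src="$2"; shift 2
    for port in "$@"; do
        printf 'add allow tcp from %s to any dst-port %s setup limit src-addr %s\n' \
            "$net" "$port" "$per_src"
    done
}

# Worst-case dynamic entries the limit rules can create: every host in the
# range at its per-port cap on every port, plus headroom for other keep-state
# rules on the box. Prints the recommended net.inet.ip.fw.dyn_max.
needed_dyn_max() {
    hosts="$1"; ports="$2"; per_src="$3"; headroom="$4"
    echo $(( hosts * ports * per_src + headroom ))
}

# Compare the running dyn_max with the requirement: prints "ok" or "raise".
dyn_max_verdict() {
    current="$1"; needed="$2"
    if [ "$current" -ge "$needed" ]; then echo ok; else echo raise; fi
}

if command -v ipfw >/dev/null 2>&1 && [ "${1:-}" = "--apply" ]; then
    # FreeBSD with ipfw: raise the table ceiling first so the new rules
    # cannot be starved, then load the rules one per line.
    current=$(sysctl -n net.inet.ip.fw.dyn_max)
    needed=$(needed_dyn_max 254 2 "$PER_SRC" 1024)
    if [ "$(dyn_max_verdict "$current" "$needed")" = raise ]; then
        sysctl net.inet.ip.fw.dyn_max="$needed"
    fi
    limit_rules "$EVIL_NET" "$PER_SRC" 445 139 | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting of the rule is intended
        ipfw -q $rule
    done
else
    # Dry run: show the rules that would be loaded.
    limit_rules "$EVIL_NET" "$PER_SRC" 445 139
fi
```

Two caveats worth knowing before copying this onto a real box: `limit src-addr N` counts dynamic entries per source address per rule, so a host scanning both ports above can still hold 8 entries in total, and `dyn_max` is a global ceiling for every `keep-state`/`limit` rule on the firewall, not just these two. Raising it costs kernel memory but is far cheaper than having legitimate state creation fail once the table fills.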